[Koha-bugs] [Bug 22522] API authentication breaks with updated Mojolicious version
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Mar 18 22:15:22 CET 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22522
--- Comment #2 from José-Mario Monteiro-Santos <jose-mario.monteiro-santos at inlibro.com> ---
I've noticed today that with newer Mojolicious versions, the authentication is
basically skipped as x-koha-authorization is never defined. It seems that this
makes it so all endpoints do not require authorization to be accessed. This is
a major security flaw, since anybody can for example access patron's
information.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list